Hi,
I have a PfSense going through CRS305-1G-4S+IN switch #1 that needs to get an IP from switch 2 (CRS305-1G-4S+IN) upstairs.
I have been trying all sorts of magic to get the ISP traffic to be VLAN tagged and sent to the PfSense (A2:3E:25:C1:7B:34) but have not even succeeded in getting all traffic from the PfSense to go to switch nr 2 in any way!
I have drawn a diagram that I hope can shed some light on the issue. https://drive.google.com/file/d/1Dl0Dc4RDuL9_eyjd8ZoUuBmJ7zuunGe3/view?usp=sharing
What I want to do in short is to replace my old Asus router and have the PFSense sit on my Proxmox cluster, since the Asus doesnt seem to handle 1gbit WAN at all.
The switches are more or less default config, barring the interfaces being renamed and forced to speak 10GB instead of autosensing the speed.
Set the pvid of the port connected to the internet device(modem) to the vlan Id you want to send to your router.
Ideally you want to have this port be untagged traffic only on the modem connected port(you don’t want other vlans being sent out this port). This vlan tagged traffic should then be set on your trunk ports via switches along the way to your router (pfsense), which should be expecting traffic from that vlan Id. On that pfsense interface (external) you world have a DHCP client that would get an IP address via that tagged external traffic.
You should probably also vlan the rest of your network traffic to keep everything segregated properly.
This definitely works since I do this myself. You need to read the docs on crs3xx vlans and follow my guidelines above.
